Delivering Encrypted Traffic Visibility in the Era of SASE and ZTNA: Shree Shirgurkar, Catchpoint

The Fast Mode spoke to Shree Shirgurkar, Vice President of Product Management at Catchpoint, on new encryption technologies and their impact on today's networks. Shree joins us in a series of discussions with leading vendors in the traffic management, service assurance, traffic monitoring, analytics, policy control and network security space, assessing various attributes of encryption, its benefits as well as the challenges it poses, specifically the loss of visibility that makes networking increasingly complex.

Tara: How has encryption impacted network and traffic visibility?

Shree: Encryption can happen at any of the levels of the OSI (Open Systems Interconnection) model. Virtual Private Networks (VPNs) have been around for decades and use encryption mechanisms (e.g. AES 256) to secure traffic. As a result, we believe network operators have been aware of the challenges faced in monitoring VPN-related issues due to involved encryption techniques.

In the 2020s, enterprises are transforming their security infrastructures and networks with SASE (Secure Access Service Edge) and ZTNA (Zero Trust Network Access) to replace traditional VPNs and enable employees to get work done securely and flexibly from anywhere. This introduces significant blind spots in traffic visibility that can delay issue resolution more than ever before. It also places trust in vendors to deliver, as expected, without fail and more importantly, without visibility.

Underlay and overlay transport network concepts need to be considered in order to have visibility to troubleshoot and diagnose network performance issues. While many solutions in the market claim to provide visibility into encrypted network traffic, there are three key elements to consider for network and traffic visibility with encrypted traffic: 

  1. Internet Performance Monitoring: while traditional VPNs rely less on the Internet for transport (e.g. VPN servers were on-prem), newer SASE and ZTNA solutions rely largely on the Internet for transport. Having visibility into the layers of the network that make the Internet (e.g. DNS, ISP, CDN, BGP, public clouds) is essential for visibility into network traffic.     
  2. Global expanse: customers can be anywhere on the globe and with the pandemic promoting hybrid work, employees need to get work done securely and flexibly from anywhere. For network and traffic visibility in such a scenario, a global network of observation points is essential.
  3. Analytics and insights: due to the ever-increasing complexity involved in network and traffic visibility, it is essential that solutions provide analytics and superior insights from the data collected.   

The end user perspective is critical in network and traffic visibility and Catchpoint uniquely can provide the closest representation of the true experience. From vendor selection to troubleshooting during complex rollouts to day-to-day proactive and real-time monitoring, Catchpoint has the unique differentiation as an independent vendor-agnostic 3rd party to confidently assist with all phases of SASE transformation.

Tara: What technologies/techniques can potentially help in delivering visibility into encrypted traffic?

Shree: Underlay and overlay transport network concepts need to be considered in order to have visibility to troubleshoot and diagnose encrypted network and traffic issues. We present some of the techniques for monitoring an SD WAN (Software Defined WAN) encrypted infrastructure. While specific to SD WAN, similar concepts can be applied to any encrypted network traffic in terms of underlay and overlay network visibility.

This interview is a part of The Fast Mode's Real-time Visibility for Encrypted Traffic segment, featuring 34 leading IP networking solution providers and their views on the impact of encryption on traffic visibility. A research report on this topic will be published in February 2023 - for more information, visit here.

Author

Shree Shirgurkar is the Vice President of Product Management at Catchpoint, where he’s responsible for managing the product strategy/roadmaps and also for building and launching products globally. Before joining Catchpoint, Shree was the global head of product management of the SaaS business unit at the Boston Consulting Group (BCG). Prior to BCG, Shree was Director of Product Management at Akamai Technologies where he managed Akamai’s media and cloud products.
